An internal Spanair report indicated that a central computer system used to monitor problems in the aircraft was infected with malware, according to El Pais.

The infected computer system, which was located at the airline’s headquarters in Palma de Mallorca, failed to detect several technical problems with the airplane.

Had the issues been identified, the plane should not have been able to take off.

[Update 3:23pm] I just read today’s DoD announcement that the most significant breach in US Military history is confirmed to have originated with foreign intelligence. The vector for the DoD attack was Autorun and removable media, same as the Madrid air disaster.

Related? Hard to tell.

[Update 8/26 8:25] At least one Navy source says it’s not related and is a conspiracy theory in our comments below, with the IP goes right back to the Norfolk US Navy NMCI server.

While I’m certain that this is not keeping with the finest traditions of Navy transparency, demonstrated by the recent open access given 16 bloggers, I’m still left wondering if an attribution of the software anomaly may be clarified – was it due to malware?

[Update 8/28 12:12] Clarity on the Spanair crash should be given; the maintenance computer found partially responsible was indeed infected with malware however this was not an onboard flight computer. Rather, it was the ground crew policy and procedure which was interfered with by the malware-ridden system. The flight would have been grounded according to policy had the alarm triggered, however the pilot error was ruled the primary cause of the mishap.

So the pilot made an error, the takeoff warning system (TOWS) failed to alert the pilot to the error, and this TOWS system was problematic, which would have grounded the plane had the malware-infected system the ground crew was using been operating properly. Any of the three issues being resolved would have saved 154 people, and that does include the malware on the non-flight ground maintenance system, which would have been ruled a ‘contributing factor to the mishap’ in Naval Aviation. Others have said it’s tertiary – there is no such thing. There are primary causes and contributing causes for a mishap. All contributing causes are equally to blame because without them the mishap may have been avoided, and that includes malware.

‘Rise of the Machines’ or ‘Motive With Universal Adaptor?’

There are no indications as of yet that this was the result of cyberwarfare or hacking however this remotely operated (potentially armed) vehicle would definitely become the target of command and control interruption during a cyberwar. Interruption would result in similar circumstances such as a deviation of flight. Successful command and control hacking would result in complete usability gained by an outside force, and perhaps even direction of weapons systems.

Still, paired with today’s other late breaking announcement about USB malware intentionally used by foreign intelligence back in 2008 against the US military, we should note that the motive should not be ruled out in the future. Cybercrime syndicates as well as national security actors/agents from foreign intelligence networks are equally capable of attempting this level of breach and the tactical rewards are monumental.

We know that organized criminal groups and individual hackers are building global networks of compromised computers, botnets and zombies, and then selling or renting them to the highest bidder, in essence becoming 21st-century cybermercenaries.

Takeaway:

As civilians it’s important for us to understand that there is a documented monetary incentive involved with defeating these systems. The 2009 DBIR notes the most common breach tactic tends to be in finding the ‘weakest link’ of the entire defensive structure, commonly with partnering corporations.

This means that often our unrelated companies may be targeted specifically in order to work upwards through the trust relationships in order to successfully penetrate the ultimate target. The Fire Scout systems were designed here in San Diego and they are assembled in Moss Point, MS. More Fire Scout project partner details can be found at GlobalSecurity.org’s site.

If we work for companies who are partnered with defense contractors, two words should remind us all how connected we are: Stuxnet & SCADA. I urge anyone to check to see if their companies have data pathways open with defense contractors and take appropriate precautions. Don’t be that open door.

user4, I really don't take kindly to anonymous trolling. Particularly when it's not so anonymous:Author : user4 (IP: 138.162.0.41 , gate1-norfolk.nmci.navy.mil
Shipmate, my kung fu is stronger than yours. Next time, use anonymizer.

@user4, unless you believe the context of the article is truly about the SkyNet Terminator Rise of the Machines Hollywood conspiracy which is clearly tongue in cheek, you need to examine the entire content and realize that this is a call to action for civilians who may provide gateways into DoD systems.

In the Terminator storyline, Skynet was originally installed into the U.S. military mainframe to control the national arsenal. Shortly afterward it gained sentience and the panicking operators, realizing the extent of its abilities, attempted to shut it down. Skynet perceived the attempt to deactivate it as an attack and came to the conclusion that all of humanity would attempt to destroy it. To defend itself, it came to one conclusion: Humanity must be terminated.

From my background you should note that I served with distinction in the US Navy, combat decorated. I’m not sniping away at the military yet I’m a proponent of transparency. My follow-up line of questioning will be with malware and whether or not this issue was the result of malware.

Additionally, shipmate, are you actually posting through a government access point onto a blog? Or is this simply a PR damage control bot programmed to output…? Now the conspiracy debate can begin: is this post autogenerated or done by a junior officer/ seaman recruit… Are we dealing with another type of ‘rise of the machines?’